[{
"description": "Guest access should not be enabled",
"resource": "SYSTEM",
"resourcegroup": "MyApp RG",
"category": "Identity & access",
"severity": "MEDIUM"
}, {
"description": "Data encryption in transit policies for storage accounts",
"resource": "myapp.blob.core.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "HIGH"
}, {
"description": "Encryption of OS disks attached to VMs",
"resource": "myapp-vm1",
"resourcegroup": "MyApp RG",
"category": "Compute & apps",
"severity": "MEDIUM"
}, {
"description": "Internet facing access control to cloud infrastructure using RDP",
"resource": "myapp-vm1-nic1",
"resourcegroup": "MyApp RG",
"category": "Networking",
"severity": "HIGH"
}, {
"description": "Configuration of activity alerts for SQL server firewall rules",
"resource": "myapp.database.windows.net",
"resourcegroup": "MyApp RG",
"category": "Logging & monitoring",
"severity": "LOW"
}, {
"description": "Multi-factor authentication policies for administrators",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "HIGH"
}, {
"description": "Multi-factor authentication policies for users",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "LOW"
}, {
"description": "Password security policies",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "MEDIUM"
}, {
"description": "User consent policies for application access to company data",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "LOW"
}, {
"description": "Access controls to cloud admin portal",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "HIGH"
}, {
"description": "Azure AD security group management policies",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "MEDIUM"
}, {
"description": "Access control of cloud subscriptions",
"resource": "Azure Active Directory",
"resourcegroup": "SYSTEM",
"category": "Identity & access",
"severity": "HIGH"
}, {
"description": "Data encryption at rest policies for storage accounts",
"resource": "salesdata.blob.core.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "HIGH"
}, {
"description": "Data encryption at rest policies for file services",
"resource": "customerdata.files.core.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "HIGH"
}, {
"description": "SQL servers and SQL databases auditing controls",
"resource": "mydb1.database.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "MEDIUM"
}, {
"description": "Threat detection controls on SQL servers and databases",
"resource": "mydb1.database.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "HIGH"
}, {
"description": "Data encryption of SQL databases",
"resource": "myapp.database.windows.net",
"resourcegroup": "MyApp RG",
"category": "Data security",
"severity": "HIGH"
}, {
"description": "Encryption of data disks attached to VMs",
"resource": "myapp-vm1",
"resourcegroup": "MyApp RG",
"category": "Compute & apps",
"severity": "HIGH"
}, {
"description": "Open ports, protocols and services on VMs",
"resource": "myapp-vm1",
"resourcegroup": "MyApp RG",
"category": "Compute & apps",
"severity": "MEDIUM"
}, {
"description": "Expiry of SSL certificate",
"resource": "www.myapp.com",
"resourcegroup": "MyApp RG",
"category": "Compute & apps",
"severity": "LOW"
}, {
"description": "Resource Locks are set for mission critical cloud infrastructure",
"resource": "myapp1-vm",
"resourcegroup": "MyApp RG",
"category": "Compute & apps",
"severity": "HIGH"
}, {
"description": "Internet facing access control to cloud infrastructure using SSH",
"resource": "ngrx1-vm",
"resourcegroup": "MyApp RG",
"category": "Networking",
"severity": "HIGH"
}, {
"description": "Network Security Group Flow logging enabled",
"resource": "myapp-nsg",
"resourcegroup": "MyApp RG",
"category": "Networking",
"severity": "LOW"
}, {
"description": "Network Watcher enabled",
"resource": "myapp-nsg",
"resourcegroup": "MyApp RG",
"category": "Networking",
"severity": "LOW"
}, {
"description": "Azure KeyVault logging enabled",
"resource": "contosokeys.vault.azure.net",
"resourcegroup": "MyApp RG",
"category": "Logging & monitoring",
"severity": "LOW"
}, {
"description": "Configuration of activity alerts for Azure Security Policies",
"resource": "SYSTEM",
"resourcegroup": "MyApp RG",
"category": "Logging & monitoring",
"severity": "LOW"
}]